You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by si...@apache.org on 2019/06/28 18:45:18 UTC
[sling-org-apache-sling-feature-cpconverter] branch master updated:
SLING-8544 - [cp2fm] service users need to be created with intermediate
path
This is an automated email from the ASF dual-hosted git repository.
simonetripodi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
The following commit(s) were added to refs/heads/master by this push:
new 9bcd28c SLING-8544 - [cp2fm] service users need to be created with intermediate path
9bcd28c is described below
commit 9bcd28cbc52127264086e17cb59e306333b9fc85
Author: Simo Tripodi <st...@adobe.com>
AuthorDate: Fri Jun 28 20:45:10 2019 +0200
SLING-8544 - [cp2fm] service users need to be created with intermediate
path
---
.../apache/sling/feature/cpconverter/acl/Acl.java | 2 +-
.../sling/feature/cpconverter/acl/AclManager.java | 4 +-
.../feature/cpconverter/acl/DefaultAclManager.java | 33 +++++++----
.../sling/feature/cpconverter/acl/SystemUser.java | 66 ++++++++++++++++++++++
.../handlers/RepPolicyEntryHandler.java | 5 +-
.../handlers/SystemUsersEntryHandler.java | 12 +++-
.../feature/cpconverter/acl/AclManagerTest.java | 14 +++--
.../handlers/RepPolicyEntryHandlerTest.java | 34 +++++++----
.../handlers/SystemUsersEntryHandlerTest.java | 6 +-
9 files changed, 139 insertions(+), 37 deletions(-)
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/acl/Acl.java b/src/main/java/org/apache/sling/feature/cpconverter/acl/Acl.java
index 9c22118..23cd723 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/acl/Acl.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/acl/Acl.java
@@ -33,7 +33,7 @@ public final class Acl {
private final List<String> restrictions = new LinkedList<>();
- protected Acl(String operation, String privileges, Path path) {
+ public Acl(String operation, String privileges, Path path) {
this.operation = operation;
this.privileges = privileges;
this.path = path;
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
index d34f412..f820bca 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
@@ -24,9 +24,9 @@ import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler;
*/
public interface AclManager {
- boolean addSystemUser(String systemUser);
+ boolean addSystemUser(SystemUser systemUser);
- Acl addAcl(String systemUser, String operation, String privileges, String path);
+ Acl addAcl(String systemUser, Acl acl);
void addRepoinitExtension(VaultPackageAssembler packageAssembler, Feature feature);
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java
index 16c79ff..77eff54 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java
@@ -19,7 +19,6 @@ package org.apache.sling.feature.cpconverter.acl;
import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Path;
-import java.nio.file.Paths;
import java.util.Formatter;
import java.util.HashMap;
import java.util.HashSet;
@@ -43,11 +42,11 @@ public final class DefaultAclManager implements AclManager {
private static final String DEFAULT_TYPE = "sling:Folder";
- private final Set<String> preProvidedSystemUsers = new LinkedHashSet<>();
+ private final Set<SystemUser> preProvidedSystemUsers = new LinkedHashSet<>();
private final Set<Path> preProvidedPaths = new HashSet<>();
- private final Set<String> systemUsers = new LinkedHashSet<>();
+ private final Set<SystemUser> systemUsers = new LinkedHashSet<>();
private final Map<String, List<Acl>> acls = new HashMap<>();
@@ -55,15 +54,14 @@ public final class DefaultAclManager implements AclManager {
private Set<String> privileges = new LinkedHashSet<>();
- public boolean addSystemUser(String systemUser) {
- if (systemUser != null && !systemUser.isEmpty() && preProvidedSystemUsers.add(systemUser)) {
+ public boolean addSystemUser(SystemUser systemUser) {
+ if (preProvidedSystemUsers.add(systemUser)) {
return systemUsers.add(systemUser);
}
return false;
}
- public Acl addAcl(String systemUser, String operation, String privileges, String path) {
- Acl acl = new Acl(operation, privileges, Paths.get(path));
+ public Acl addAcl(String systemUser, Acl acl) {
acls.computeIfAbsent(systemUser, k -> new LinkedList<>()).add(acl);
return acl;
}
@@ -107,8 +105,8 @@ public final class DefaultAclManager implements AclManager {
// system users
- for (String systemUser : systemUsers) {
- List<Acl> authorizations = acls.remove(systemUser);
+ for (SystemUser systemUser : systemUsers) {
+ List<Acl> authorizations = acls.remove(systemUser.getId());
// make sure all paths are created first
@@ -116,11 +114,13 @@ public final class DefaultAclManager implements AclManager {
// create then the users
- formatter.format("create service user %s%n", systemUser);
+ String path = systemUser.getPath().getName(systemUser.getPath().getNameCount() - 1).toString();
+ formatter.format("create path (rep:AuthorizableFolder) /home/users/system/%s%n", path);
+ formatter.format("create service user %s with path %s%n", systemUser.getId(), path);
// finally add ACLs
- addAclStatement(formatter, systemUser, authorizations);
+ addAclStatement(formatter, systemUser.getId(), authorizations);
}
// all the resting ACLs can now be set
@@ -128,7 +128,7 @@ public final class DefaultAclManager implements AclManager {
for (Entry<String, List<Acl>> currentAcls : acls.entrySet()) {
String systemUser = currentAcls.getKey();
- if (preProvidedSystemUsers.contains(systemUser)) {
+ if (isKnownSystemUser(systemUser)) {
List<Acl> authorizations = currentAcls.getValue();
// make sure all paths are created first
@@ -155,6 +155,15 @@ public final class DefaultAclManager implements AclManager {
}
}
+ private boolean isKnownSystemUser(String id) {
+ for (SystemUser systemUser : preProvidedSystemUsers) {
+ if (id.equals(systemUser.getId())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
@Override
public void addNodetypeRegistrationSentence(String nodetypeRegistrationSentence) {
if (nodetypeRegistrationSentence != null) {
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/acl/SystemUser.java b/src/main/java/org/apache/sling/feature/cpconverter/acl/SystemUser.java
new file mode 100644
index 0000000..0c3c3c6
--- /dev/null
+++ b/src/main/java/org/apache/sling/feature/cpconverter/acl/SystemUser.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.acl;
+
+import java.nio.file.Path;
+import java.util.Objects;
+
+public class SystemUser {
+
+ private final String id;
+
+ private final Path path;
+
+ public SystemUser(String id, Path path) {
+ this.id = id;
+ this.path = path;
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public Path getPath() {
+ return path;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + Objects.hash(id);
+ result = prime * result + Objects.hash(path);
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+
+ if (obj == null || getClass() != obj.getClass()) {
+ return false;
+ }
+
+ SystemUser other = (SystemUser) obj;
+ return Objects.equals(id, other.getId()) && Objects.equals(path, other.getPath());
+ }
+
+
+
+}
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
index f4ba35c..f377ca1 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandler.java
@@ -19,6 +19,7 @@ package org.apache.sling.feature.cpconverter.handlers;
import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
import java.io.InputStream;
+import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import java.util.Stack;
@@ -112,7 +113,9 @@ public final class RepPolicyEntryHandler extends AbstractRegexEntryHandler {
int endIndex = privileges.indexOf(']');
privileges = privileges.substring(beginIndex, endIndex);
- acls.add(aclManager.addAcl(principalName, operation, privileges, path));
+ Acl acl = new Acl(operation, privileges, Paths.get(path));
+
+ acls.add(aclManager.addAcl(principalName, acl));
} else if (REP_RESTRICTIONS.equals(primaryType) && !acls.isEmpty()) {
for (String restriction : RESTRICTIONS) {
String path = attributes.getValue(restriction);
diff --git a/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java b/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
index 74ce9c0..1188c01 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandler.java
@@ -17,10 +17,13 @@
package org.apache.sling.feature.cpconverter.handlers;
import java.io.InputStream;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import org.apache.jackrabbit.vault.fs.io.Archive;
import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
import org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
+import org.apache.sling.feature.cpconverter.acl.SystemUser;
import org.apache.sling.feature.cpconverter.shared.AbstractJcrNodeParser;
import org.xml.sax.Attributes;
@@ -33,7 +36,7 @@ public final class SystemUsersEntryHandler extends AbstractRegexEntryHandler {
@Override
public void handle(String path, Archive archive, Entry entry, ContentPackage2FeatureModelConverter converter)
throws Exception {
- SystemUserParser systemUserParser = new SystemUserParser(converter);
+ SystemUserParser systemUserParser = new SystemUserParser(converter, Paths.get(path).getParent());
try (InputStream input = archive.openInputStream(entry)) {
systemUserParser.parse(input);
}
@@ -47,16 +50,19 @@ public final class SystemUsersEntryHandler extends AbstractRegexEntryHandler {
private final ContentPackage2FeatureModelConverter converter;
- public SystemUserParser(ContentPackage2FeatureModelConverter converter) {
+ private final Path path;
+
+ public SystemUserParser(ContentPackage2FeatureModelConverter converter, Path path) {
super(REP_SYSTEM_USER);
this.converter = converter;
+ this.path = path;
}
@Override
protected void onJcrRootElement(String uri, String localName, String qName, Attributes attributes) {
String authorizableId = attributes.getValue(REP_AUTHORIZABLE_ID);
if (authorizableId != null && !authorizableId.isEmpty()) {
- converter.getAclManager().addSystemUser(authorizableId);
+ converter.getAclManager().addSystemUser(new SystemUser(authorizableId, path));
}
}
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
index 8dab9ca..b0f845e 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
@@ -23,6 +23,7 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.io.File;
+import java.nio.file.Paths;
import org.apache.sling.feature.ArtifactId;
import org.apache.sling.feature.Extension;
@@ -48,18 +49,18 @@ public class AclManagerTest {
@Test
public void makeSureAclsAreCreatedOnlyForKnownUsers() {
- aclManager.addSystemUser("acs-commons-ensure-oak-index-service");
+ aclManager.addSystemUser(new SystemUser("acs-commons-ensure-oak-index-service", Paths.get("/asd/public")));
// emulate a second iteration of conversion
aclManager.reset();
- aclManager.addSystemUser("acs-commons-package-replication-status-event-service");
+ aclManager.addSystemUser(new SystemUser("acs-commons-package-replication-status-event-service", Paths.get("/asd/public")));
- aclManager.addAcl("acs-commons-ensure-oak-index-service", "allow", "jcr:read,rep:write,rep:indexDefinitionManagement", "/asd/public");
- aclManager.addAcl("acs-commons-package-replication-status-event-service", "allow", "jcr:read,crx:replicate,jcr:removeNode", "/asd/public");
+ aclManager.addAcl("acs-commons-ensure-oak-index-service", new Acl("allow", "jcr:read,rep:write,rep:indexDefinitionManagement", Paths.get("/asd/public")));
+ aclManager.addAcl("acs-commons-package-replication-status-event-service", new Acl("allow", "jcr:read,crx:replicate,jcr:removeNode", Paths.get("/asd/public")));
// add an ACL for unknown user
- aclManager.addAcl("acs-commons-on-deploy-scripts-service", "allow", "jcr:read,crx:replicate,jcr:removeNode", "/asd/public");
+ aclManager.addAcl("acs-commons-on-deploy-scripts-service", new Acl("allow", "jcr:read,crx:replicate,jcr:removeNode", Paths.get("/asd/public")));
VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
when(assembler.getEntry(anyString())).thenReturn(new File(System.getProperty("java.io.tmpdir")));
@@ -73,7 +74,8 @@ public class AclManagerTest {
// acs-commons-on-deploy-scripts-service will be missed
String expected = "create path (sling:Folder) /asd\n" +
"create path (sling:Folder) /asd/public\n" +
- "create service user acs-commons-package-replication-status-event-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-package-replication-status-event-service with path public\n" +
"set ACL for acs-commons-package-replication-status-event-service\n" +
"allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" +
"end\n" +
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
index f5fbc12..5cecbf0 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
@@ -27,6 +27,7 @@ import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
import java.io.File;
+import java.nio.file.Paths;
import org.apache.jackrabbit.vault.fs.io.Archive;
import org.apache.jackrabbit.vault.fs.io.Archive.Entry;
@@ -36,6 +37,7 @@ import org.apache.sling.feature.ExtensionType;
import org.apache.sling.feature.Feature;
import org.apache.sling.feature.cpconverter.ContentPackage2FeatureModelConverter;
import org.apache.sling.feature.cpconverter.acl.DefaultAclManager;
+import org.apache.sling.feature.cpconverter.acl.SystemUser;
import org.apache.sling.feature.cpconverter.features.DefaultFeaturesManager;
import org.apache.sling.feature.cpconverter.features.FeaturesManager;
import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler;
@@ -86,27 +88,33 @@ public final class RepPolicyEntryHandlerTest {
String expected = "create path (sling:Folder) /asd\n" +
"create path (sling:Folder) /asd/public\n" +
- "create service user acs-commons-ensure-oak-index-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-ensure-oak-index-service with path public\n" +
"set ACL for acs-commons-ensure-oak-index-service\n" +
"allow jcr:read,rep:write,rep:indexDefinitionManagement on /asd/public restriction(rep:glob,*/oak:index/*)\n" +
"end\n" +
- "create service user acs-commons-dispatcher-flush-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-dispatcher-flush-service with path public\n" +
"set ACL for acs-commons-dispatcher-flush-service\n" +
"allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" +
"end\n" +
- "create service user acs-commons-package-replication-status-event-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-package-replication-status-event-service with path public\n" +
"set ACL for acs-commons-package-replication-status-event-service\n" +
"allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" +
"end\n" +
- "create service user acs-commons-ensure-service-user-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-ensure-service-user-service with path public\n" +
"set ACL for acs-commons-ensure-service-user-service\n" +
"allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" +
"end\n" +
- "create service user acs-commons-automatic-package-replicator-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-automatic-package-replicator-service with path public\n" +
"set ACL for acs-commons-automatic-package-replicator-service\n" +
"allow jcr:read on /asd/public\n" +
"end\n" +
- "create service user acs-commons-on-deploy-scripts-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-on-deploy-scripts-service with path public\n" +
"set ACL for acs-commons-on-deploy-scripts-service\n" +
"allow jcr:read on /asd/public\n" +
"end\n";
@@ -125,19 +133,23 @@ public final class RepPolicyEntryHandlerTest {
String expected = "create path (sling:Folder) /asd\n" +
"create path (sling:Folder) /asd/public\n" +
- "create service user acs-commons-package-replication-status-event-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-package-replication-status-event-service with path public\n" +
"set ACL for acs-commons-package-replication-status-event-service\n" +
"allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" +
"end\n" +
- "create service user acs-commons-ensure-service-user-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-ensure-service-user-service with path public\n" +
"set ACL for acs-commons-ensure-service-user-service\n" +
"allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" +
"end\n" +
- "create service user acs-commons-automatic-package-replicator-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-automatic-package-replicator-service with path public\n" +
"set ACL for acs-commons-automatic-package-replicator-service\n" +
"allow jcr:read on /asd/public\n" +
"end\n" +
- "create service user acs-commons-on-deploy-scripts-service\n" +
+ "create path (rep:AuthorizableFolder) /home/users/system/public\n" +
+ "create service user acs-commons-on-deploy-scripts-service with path public\n" +
"set ACL for acs-commons-on-deploy-scripts-service\n" +
"allow jcr:read on /asd/public\n" +
"end\n";
@@ -170,7 +182,7 @@ public final class RepPolicyEntryHandlerTest {
if (systemUsers != null) {
for (String systemUser : systemUsers) {
- converter.getAclManager().addSystemUser(systemUser);
+ converter.getAclManager().addSystemUser(new SystemUser(systemUser, Paths.get("/asd/public")));
}
}
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandlerTest.java
index 3e205d5..9e1d440 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandlerTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/SystemUsersEntryHandlerTest.java
@@ -74,7 +74,11 @@ public class SystemUsersEntryHandlerTest {
assertNotNull(repoinitExtension);
assertEquals(ExtensionType.TEXT, repoinitExtension.getType());
assertTrue(repoinitExtension.isRequired());
- assertEquals("create service user asd-share-commons-asd-index-definition-reader-service\n", repoinitExtension.getText());
+
+ String expected = "create path (rep:AuthorizableFolder) /home/users/system/asd-index-definition-reader\n" +
+ "create service user asd-share-commons-asd-index-definition-reader-service with path asd-index-definition-reader\n";
+ String actual = repoinitExtension.getText();
+ assertEquals(expected, actual);
}
@Test